DevSecOps Engineer

Job not on LinkedIn

🔥 0 minutes ago

🌪️ Kansas – Remote

🌪️ Kansas – Remote

💵 $122.1k - $160k / month

⏰ Full Time

🟠 Senior

🔴 Lead

⛑ DevOps & Site Reliability Engineer (SRE)

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

TrueML

WebsiteLinkedInAll Job Openings

51 - 200 employees

💳 Fintech

💸 Finance

👥 B2C

Fintech • Finance • B2C

TrueML is a leading company in the fintech sector, known for its innovative solutions that prioritize customer experience in the financial services industry. The company, along with its family of companies like TrueAccord, focuses on developing intelligent, digital-first communication platforms and products that revolutionize the consumer experience in financial health management. TrueML leverages the expertise of a dynamic team of data scientists, financial services experts, and customer experience specialists to create technology that addresses roadblocks to consumers' financial well-being, ensuring inclusivity and accessibility in financial systems. Founded in 2013 by Ohad Samet, TrueML continues to disrupt traditional financial services by making them more consumer-friendly and effective.

📋 Description

• Security Automation & CI/CD Integration (Core Focus): Embed security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI, Azure DevOps). • Design and maintain automated security workflows across build, test, and deploy stages. • Implement security gates, policy enforcement, and compliance checks within pipelines. • Cloud Security (AWS Focus): Secure cloud-native architectures across AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway). • Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud). • Enforce least privilege access, secrets management, and runtime protections. • Own Cloud Security: Define and maintain security policies for our AWS environment, specifically focusing on containerized workloads (EKS/ECS) and serverless architectures (Lambda). • Automate Compliance: Move beyond manual checks by building real-time monitoring and automated remediation for AWS resources, ensuring we stay 'audit-ready' for frameworks like PCI and ISO 27001. • Lead Threat Modeling: Perform deep-dive threat modeling exercises on applications and designs, turning theoretical risks into actionable engineering plans. • Innovate with AI: Develop security standards for Generative AI leveraging AI-powered tools to explore our attack surface. • Guard the Infrastructure: Secure our Infrastructure as Code (IaC) templates (Terraform/CloudFormation) and manage cloud primitives like IAM, KMS, and WAF to ensure a 'least privilege' environment.

🎯 Requirements

• An Experienced Defender: You bring 7-10 years in software engineering, DevOps, or cloud engineering. 3+ years in a DevSecOps focused role and a deep mastery of cloud security, vulnerability analysis, and incident response. • A Cloud Specialist: You have demonstrable expertise in the AWS ecosystem and are highly proficient in securing Infrastructure as Code (Terraform) and containerized environments. • Certified and Credentialed: You hold top-tier industry certifications (such as CISSP, SANS GIAC, or CASP) and have a firm grasp of compliance frameworks like PCI and ISO 27001. • Technically Versatile: You are familiar with OWASP, proficient with modern security tooling, and have the ability to secure complex API integrations and data protection layers. • AI-Aware: You understand the evolving landscape of AI regulations and have the technical curiosity to investigate how threat actors use AI to bypass traditional controls. • A Strategic Partner: You are a natural collaborator who can translate complex InfoSec projects into simple, maintainable tasks for Engineering teams. • An Elite Communicator: You can propose strategic methodologies to tackle legacy security debt and convince stakeholders of the business value of security-first design • Core Skills & Capabilities: Deep expertise in CI/CD pipelines (GitHub Actions, Jenkins) • Strong hands-on experience with AWS cloud security • Proficiency in application security tooling and integration • Experience with container security (Docker, Kubernetes) • Strong scripting/programming skills (Python, JavaScript) • Understanding of modern DevSecOps and shift-left security practices • Excellent collaboration skills across engineering, security, and DevOps teams

🏖️ Benefits

• Flexible vacation • Medical/dental/vision insurance • Traditional/Roth retirement savings options • Company-paid disability and life insurance • Flexible Spending Account & Limited FSA • Family-friendly parental leave, volunteer and voting time off • On-demand wellness platform access for you and 5 friends and family • PerkSpot discount program for 900+ merchants nationwide